Integrated circuits developed for secure application usually embed internal frequency detector to prevent from external manipulation of the internal clock using probing techniques. Main threat addressed by such security mechanism is a clock stepping attack to get control for example of CPU operations or of crypto processor engine.
The patent U.S. Pat. No. 7,106,091 B2 discloses the principle of a detector circuit in an integrated circuit. The dedicated detector circuit monitors the interconnect functioning of signal lines between two circuit blocks. The circuit configuration for detecting an unwanted attack on an integrated circuit has a signal line to which a clock signal is applied and at least one line pair which is respectively used to code a bit. The signal line and the at least one line pair are connected between a first and a second circuit blocks in the integrated circuit. The detector circuit changes the operating sequence in the integrated circuit on the basis of the signals on the signal line and on the at least one line pair. The detector circuit can be used to the same extent to test for production faults.
The deficiencies and drawbacks of the known solutions against such threats can be summarized below. So typical properties respectively deficiencies of a clock detector integration include:                frequency detection cell is usually easy to locate and to modify, as explained in the patent U.S. Pat. No. 7,106,091 B2;        frequency detection interconnections are usually easy to locate and to modify, as explained in the patent U.S. Pat. No. 7,106,091 B2;        frequency detection relies on single analog cell that can be easily neutralized as explained in the patent U.S. Pat. No. 7,106,091 B2;        frequency detection is usually sensing one point to check clock characteristics;        frequency detection does not check the clock at critical points where signal is used (leaf cells of clock tree);        frequency detector proposes usually global protection not covering locally critical points, as explained in the patent U.S. Pat. No. 7,106,091 B2;        frequency detection does not embed self-test function to detect any tampering of the monitoring system.        
Further typical properties, respectively deficiencies of a clock detector include:                frequency detection verifies clock frequency within two limits UFD and OFD but usually not clock characteristic such as duty cycle and        frequency detection is usually dependent of current sources or other clock signals that could be influenced.        
Generally with an internal frequency detector in an analogue part of the integrated circuit, it is easy to detect the interconnection of said detector and to bypass said detector in order to clock externally from the integrated circuit some operations of the CPU.
We can cite the patent application US 2003/0115503 A1, which describes a system for enhancing fault tolerance and security of a computing system. It is provided a detection of a clock signal between several system clocks and secure clocks in case of fault detections or events of the type over or under frequency detection. This is described in particular concerning the fault tolerance of the electronic system in case of fault detection, but not to make immune each clock detector to neutralization attempts from external manipulation.
In the patent application WO 00/45244 A1, it is described security modules in an integrated circuit. Said modules are integrated in parts managing several events, such as voltage, over or under frequency detection, and to have a memorization logic, masking or synthesis function by taking into account events as reset operations. However the proposed security strategy is vulnerable as already described in the prior art. It is not to make immune each clock detector to neutralization attempts from external manipulation.